<?php
    include_once "DB_DEFINES.php";
    include "user.php";

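    // Login endpoint. Reads "username" and "password" from the POST body, applies format checks,
    // delegates the credential check to user::login(), and answers with a small XML document:
    //   <login><status>SUCCESS</status></login>
    //   <login><status>FAIL</status><error>CODE</error></login>
    // Format failures and wrong credentials both answer AUTHENTICATION_FAILED, so the response
    // does not reveal which of the two checks rejected the attempt.
    // NOTE(review): no attempt throttling or lockout is visible in this file - confirm it is
    // enforced elsewhere (user::login() or the web server).
    $request_error_message = "";
    $login_error_code = 0;                                              // 0 = input accepted so far, 1 = rejected
    $xml_output = "";
    $username = "";
    $password = "";

    // Both patterns match any character that is NOT allowed, so a match means invalid input.
    $name_pattern = '/[^A-Za-z0-9-_]/';                                 // username: letters, digits, '-' and '_'
    // NOTE(review): passwords are limited to letters and digits, which narrows the keyspace.
    // This has to stay in step with the registration rules, which are not visible here.
    $password_pattern = '/[^A-Za-z0-9]/';                               // password: letters and digits only

    // Accept the fields only when both are present and are plain strings. A request such as
    // username[]=x arrives as an array and must not reach preg_match()/strlen().
    if ( isset( $_POST["username"], $_POST["password"] )
        && is_string( $_POST["username"] ) && is_string( $_POST["password"] ) ) {
        $username = $_POST["username"];
        $password = $_POST["password"];
    }
    else {
        $request_error_message = "BAD_REQUEST";                         // Error: bad request
    }

    // Error: not all fields filled. The code is set to 1 directly: the former string marker
    // compared equal to 0 under pre-PHP 8 loose comparison and only the length checks below
    // kept an empty field from passing the gate.
    if ( $username === "" || $password === "" ) {
        $login_error_code = 1;
    }

    /************************************************* Username Error Checking ***************************************************/
    // preg_match() returns 0 only for "no forbidden character found"; a match (1) or a PCRE
    // failure (false) both reject the input, so the check fails closed.
    if ( preg_match( $name_pattern, $username ) !== 0
        || strlen( $username ) > 20                                     // Error: username too long
        || strlen( $username ) < 5 ) {                                  // Error: username too short
        $login_error_code = 1;
    }

    /****************************************************** Password Error Checking *********************************************/
    if ( preg_match( $password_pattern, $password ) !== 0
        || strlen( $password ) < 9 ) {                                  // Error: password too short
        $login_error_code = 1;
    }

    if ( $login_error_code === 0 ) {

        $user = new user( $username, -1 );
        $login_error_code = $user->login( $password );                  // call the user object's login function

        header('Content-type: text/xml');
        $xml_output = '<?xml version="1.0" encoding="utf-8"?>' . "\n";
        if ( $login_error_code == LOGGED_IN ) {                         // Successful log in
            $xml_output .= "<login><status>SUCCESS</status></login>";

            // Session fixation defence: resume (or create) the session, then issue a fresh
            // session id and delete the old one. Destroying and restarting the session keeps
            // the id sent by the client, so an id planted before login would stay valid after it.
            if ( session_id() === "" ) {
                session_start();
            }
            session_regenerate_id( true );
            $_SESSION = array();                                        // drop any pre-login session data
            $_SESSION['username'] = $username;
            $_SESSION['privileges'] = $user->get_privileges();
        }
        else if ( $login_error_code == WRONG_USERNAME_OR_PASSWORD ) {   // Authentication failed
            $xml_output .= "<login><status>FAIL</status><error>AUTHENTICATION_FAILED</error></login>";
        }
        // The result of login() is what has to be tested here; the previous code read an
        // undefined $register_error_code, so this branch depended on how null compared
        // with the constant.
        else if ( $login_error_code == MYSQL_CONNECT_ERROR ) {          // MYSQL_CONNECT_ERROR
            $xml_output .= "<login><status>FAIL</status><error>MYSQL_CONNECT_ERROR</error></login>";
        }
        else {                                                          // MYSQL_ERROR
            $xml_output .= "<login><status>FAIL</status><error>MYSQL_ERROR</error></login>";
        }
        echo $xml_output;
    }
    else {

        header('Content-type: text/xml');
        $xml_output = '<?xml version="1.0" encoding="utf-8"?>' . "\n";
        if ( $request_error_message !== "" ) {
            $xml_output .= "<login><status>FAIL</status><error>BAD_REQUEST</error></login>";
        }
        else {                                                          // Authentication failed
            $xml_output .= "<login><status>FAIL</status><error>AUTHENTICATION_FAILED</error></login>";
        }

        echo $xml_output;
    }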
?>